CompTIA Security Plus Mock Test Q724

Methods to test the responses of software and web applications to unusual or unexpected inputs are known as:

A. Brute force.B. HTML encoding.C. Web crawling.D. Fuzzing.

Correct Answer: DSection: Application, Data and Host Security

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions
such as crashes, or failed validation, or memory leaks.

Incorrect Answers:
A: Brute force is a type of attack that consists of systematically checking all possible keys or passwords until a match is found.
B: HTML encoding applies to web applications only. When user input is not properly escaped and encoded it could be exploited for cross-site scripting. User input that encodes special
characters without proper escaping can lead to malicious code execution in the DOM.
C: Web Crawling applies to web application and describes the action taken by a program as it browses from page to page on a web application.